Authentication is the process of verifying the identity of a user or a computing device in both standalone terminals and networked environments. In private and public computer networks (including the Internet), authentication is commonly performed through the use of logon passwords. Knowledge of the password is assumed to guarantee that the user is authentic. Typically, each user initially registers using an assigned or self-declared password. On each subsequent use, the user must remember and use the previously declared password.
Biometrics makes use of a user's personal characteristics to perform authentication. A user's personal characteristics may include, for example, unique patterns and/or traits in fingerprints, irises, voice, faces, and/or DNA. These personal characteristics may be acquired using a variety of biometric devices including, for example, a fingerprint scanner, a retinal scanner, a voice acquisition hardware/software unit, and other devices well known in the art.
Organizations that distribute sensitive information (e.g., flat files, databases, web pages, web applications, web services, and applications) to authorized parties over a network are increasingly adopting biometrics as a necessary component for authentication. In a general sense, each type of sensitive information (e.g., a sensitive file, database, application, web application, web page, web service, etc.) may be referred to as a secure resource. Some secure resources may be more sensitive than other secure resources, and thus may require a more rigorous authentication process. Also, some secure resources and users may require different access interfaces.
To use a biometric for authentication, a user must be enrolled in the biometric authorization system. More specifically, an initial biometric image (i.e., a biometric sample) is acquired from the user. This image may be processed to extract characteristic features from the image. The image or some characteristic representation of the image (i.e., a reference biometric template) is then stored securely for future reference. During an authentication procedure, a new image is taken from a candidate individual, the new image is processed to create a candidate biometric template, the candidate biometric template is compared with the reference biometric template, and a decision is made as to whether or not the candidate biometric template matches the reference biometric template.
In a biometric authorization system, a biometric server may provide biometric authentication services such as enrollment of users, storage of users' reference biometric templates, and matching reference biometric templates to candidate biometric templates. Typically, a biometric server application on the biometric server provides a user interface that may be used by other parts of the biometric authorization system to request the biometric authentication services of the biometric server. The biometric server application processes the service requests using a biometric application programming interface (API) implemented by the biometric server. More specifically, the biometric server may include a concrete implementation of a biometry API that exposes classes and interfaces for using the services (e.g., biometric matching, user enrollment, reference template creation, etc.).
The biometry API may be defined by a biometry API specification. A biometry API specification is a document that describes all the components (i.e., classes, interfaces, functions, etc.) of the biometry API and the intended behavior of these components. This description is in the form of compatibility rules (i.e., statements or assertions about the intended behavior). One example of a biometry API specification is the JAVA CARD™ Biometry API Specification. JAVA CARD™ is a trademark of Sun Microsystems, Inc. headquartered in Santa Clara, Calif.
Typically, an implementation of a biometry API is tested for compliance (i.e., compatibility) to the biometry API specification. In general, the compatibility testing exercises features of the API to ensure that the implementation of the features complies with the compatibility rules (i.e., assertions) in the specification.
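The enrollment and matching procedure and the compatibility testing described above can be shown together in a short Python example. It is an added example, not code from any biometry API specification or implementation; the class names, the median-based feature extraction, the 0.25 threshold, the three assertions A1 to A3 and the sample readings are hypothetical and constructed for illustration.

```python
from statistics import median

# Constructed sample readings (not real biometric data).
ALICE = [12, 40, 7, 33, 21, 55, 3, 48, 18, 37, 9, 60, 25, 44, 15, 52]
ALICE_AGAIN = [13, 39, 8, 27, 22, 54, 4, 47, 19, 36, 10, 59, 31, 43, 16, 51]
BOB = [50, 45, 41, 38, 30, 28, 20, 11, 58, 5, 47, 14, 35, 2, 53, 22]

class NotEnrolledError(Exception):
    """match() was called for a user with no reference template."""

def extract_template(sample):
    """Toy feature extraction: one bit per reading, set if above the sample median."""
    m = median(sample)
    return [int(x > m) for x in sample]

class ToyBiometricServer:
    def __init__(self, threshold=0.25):  # assumed max fraction of differing bits
        self.threshold = threshold
        self._reference = {}  # user -> reference template (the sample is not kept)

    def enroll(self, user, sample):
        self._reference[user] = extract_template(sample)

    def match(self, user, sample):
        if user not in self._reference:
            raise NotEnrolledError(user)
        ref, cand = self._reference[user], extract_template(sample)
        diff = sum(a != b for a, b in zip(ref, cand))
        return len(ref) == len(cand) and diff / len(ref) <= self.threshold

class LenientServer(ToyBiometricServer):
    """Deliberately non-compliant: unknown users get False instead of an error."""
    def match(self, user, sample):
        return user in self._reference and super().match(user, sample)

def run_compat(server_class):
    """Check a fresh instance against three assertions; return {assertion: passed}."""
    server, results = server_class(), {}
    try:
        server.match("alice", ALICE)  # A1: nobody is enrolled yet, must raise
        results["A1"] = False
    except NotEnrolledError:
        results["A1"] = True
    server.enroll("alice", ALICE)
    # A2: a fresh acquisition from the enrolled user matches the reference.
    results["A2"] = server.match("alice", ALICE_AGAIN) is True
    # A3: a sample from a different person does not match the reference.
    results["A3"] = server.match("alice", BOB) is False
    return results
```

`run_compat(ToyBiometricServer)` passes all three assertions, while `run_compat(LenientServer)` fails A1, which is the kind of deviation from the specified behavior that compatibility testing is meant to surface.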